Server system, communication system, communication terminal device, program, recording medium, and communication method

ABSTRACT

Provided is a network system which improves a security and prevents illegal use when providing services such as Internet banking services. A random graphic table (RMT) is issued to a user, and having text characters which a user inputs and figures which corresponds to the text characters, respectively, and which is unrelated to the text characters such as a photograph. A banking organization server ( 30 ) manages random graphic table data corresponding to the random graphic table (RMT), distributes data for input including a portion of the random graphic table data to a communication terminal device ( 10 ) when information is inputted, and executing a specification of information to be specified while comparing the data for input with the random graphic table (RMT).

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a Continuation Application of U.S. application Ser.No. 15/339,296 filed on Oct. 31, 2016, which is a ContinuationApplication of International Application No. PCT/JP2015/062704 filed onApr. 27, 2015, claiming priority based on Japanese Patent ApplicationNo. 2014-104705, filed on May 1, 2014, Japanese Patent Application No.2014-135075, filed on Jun. 12, 2014, and Japanese Patent Application No.2014-177578, filed on Sep. 1, 2014, the contents of all of which areincorporated herein by reference in their entirety.

FIELD OF THE INVENTION

The present invention relates to a server system, a communicationsystem, a program, a communication terminal device, a recording mediumand a communication method, in which transmission/reception of variouskinds of information is performed while securing confidentiality.

BACKGROUND ART

In recent years, illegal use, as represented by so-called spoofing, hasbeen increasing rapidly in the World Wide Web (WWW)-mediated services,such as Internet banking services, on-line stores, or the like.

For example, in the case of Internet banking, in addition to the systemsin which user authentication is performed by making use of a bankingorganization-issued random number table that is unique to each user,systems in which user authentication is performed by making use of, forexample, a one-time password generated by a cryptographic token issuedby the banking organization (for example, Patent Document 1), have beenput to practical use.

PRIOR ART DOCUMENTS Patent Documents

[Patent Document 1] Japanese Laid-Open Patent Application No.2010-049554

SUMMARY OF THE INVENTION Problem to be Solved by the Invention

However, with the above-described systems, communication security at thetime of service delivery is not sufficiently secured, and thus, it iscreating a breeding ground for illegal use.

The present invention is made in order to solve the above-describedproblem, and an object thereof is to provide a server system, and thelike, that are capable of improving security at the time of deliveringvarious kinds of services and that are capable of preventing illegaluse.

Means for Solving the Problem

(1) In order to solve the above-described problem, the server system ofthe present invention has:

a receiver that receives, via a network, data from a communicationterminal device that communicates with and is connected to the serversystem;

a controller that controls a database in which table data is recorded inassociation with identification information for identifying a user, thetable data being predetermined for each user of the communicationterminal device and having entry target characters entered at thecommunication terminal device and figures pre-allocated to therespective entry target characters that are associated with each other;

a data specifying processer that specifies, when a given requestdesignated by a user from the communication terminal device is receivedby the receiver, table data that corresponds to the user;

an extracting processer that extracts the figures that correspond toentry target characters to be specified by the user based on thespecified table data;

a distributer that generates data for entry that is associated with eachof the extracted figures and that includes marker information to be usedwhen relevant figures are displayed at a relevant communication terminaldevice, and that distributes the generated data for entry to thecommunication terminal device;

an acquiring processer that acquires, when the figures are displayed atthe communication terminal device based on the distributed data forentry, the marker information that corresponds to the figures entered bythe user from the communication terminal device;

a determining processer that determines the relevant figures based onthe acquired marker information; and

a processer that specifies the entry target characters to be specifiedbased on the determined figures and that executes a given process basedon the specified entry target characters.

Based on this configuration, the server system of the present inventionmakes use of figures when the user enters the entry target characters.Thus, the server system is capable of specifying account information(account number and remittance amount), authentication information(login information) or other information to be specified by the user,without directly entering such information to be specified by an inputdevice such as a keyboard.

Accordingly, the server system of the present invention is capable ofpreventing: the leakage of security-related information (for example, apassword) caused by a user's carelessness, for example, by entering, allat once, at a phishing site, all of the information described in anumber table, or the like, which is issued to the user in advance; andthe transfer of information to a third party who performs an illegallogin.

In addition, the server system of the present invention makes use of themarker information, such as the display positions of the figures,instead of the entry target characters or the figures specifying theentry target characters, for the data communication between thecommunication terminal devices and the server systems. Thus, the serversystem of the present invention is capable of preventing the informationto be specified by a user from being stolen or tampered with by a thirdparty, between the communication terminal device and the server system.

Accordingly, the server system, and the like, of the present inventionis capable of preventing illegal logins and man-in-the-middle attacksmade by a third party to the services delivered to the users.

Consequently, the server system of the present invention is capable ofpreventing the leakage of the security-related information, illegal usesand man-in-the-middle attacks, and of improving the security at the timeof delivering various services including Internet banking service, orthe like.

(2) In order to solve the above-described problem, the communicationterminal device of the present invention is a communication terminaldevice that is connected to a server system that executes variousprocesses, via a network, and that deliver various services to a userwhile they transmit/receive data to/from such server systems, and thecommunication terminal device of the present invention has aconfiguration in which the following units are provided:

an acquiring processer that acquires part of table data , along withcontrol information for controlling, at least, display positions fordisplaying figures on a display, from the server system, the table databeing table data predetermined for each user, the table data includingentry target characters that are entered by the user and figures thatare pre-allocated to the respective entry target characters, the entrytarget characters and the figures in the table data being associatedwith each other;

an receiver that receives an input operation of the user in accordancewith an image displayed based on the acquired table data;

a specifying processer that specifies the display positionscorresponding to the figures designated by the user in response to theinput operation; and

a transmitter that transmits information that indicates the displaypositions corresponding to the specified figures to the server system.

Based on this configuration, the communication terminal device of thepresent invention makes use of figures when the user enters the entrytarget characters. Thus, the communication terminal device of thepresent invention is capable of specifying account information (accountnumber and remittance amount), authentication information (logininformation) or other information to be specified by the user, withoutdirectly entering such information to be specified by an input devicesuch as a keyboard.

Accordingly, the communication terminal device of the present inventionis capable of preventing: the leakage of security-related information(for example, a password) caused by a user's carelessness, for example,by entering, all at once, at a phishing site, all of the informationdescribed in random number table, or the like, which is issued to a userin advance; and the transfer of information to a third party whoperforms an illegal login.

In addition, the communication terminal device of the present inventionmake use of the marker information, such as the display positions of thefigures, instead of the entry target characters or the figuresspecifying the entry target characters, for the data communicationbetween the communication terminal device and the server system. Thus,the communication terminal device of the present invention is capable ofpreventing the information to be specified by a user from being stolenor tampered with by a third party, between the communication terminaldevice and the server system.

Accordingly, the communication terminal device of the present inventionis capable of preventing illegal logins and man-in-the-middle attacksmade by a third party to the services delivered to the users.

Consequently, the communication terminal device of the present inventionis capable of preventing the leakage of the security-relatedinformation, illegal uses and man-in-the-middle attacks, and ofimproving the security at the time of delivering various servicesincluding the Internet banking service, or the like.

(3) In order to solve the above-described problem, a recording medium ofthe present invention is a recording medium having figures that arevisible and that are for specifying, at a server system that deliversvarious services, entry target characters entered by a user when theuser accesses the server system by making use of a communicationterminal device, the recording medium comprising:

a table that has a plurality of rows and a plurality of columns, aplurality of different entry target characters and a plurality offigures that differ for each entry target character being arranged in arow or column, and

each figure having a shape that is unconverted by a character code usedat the time of user operational input based on an input device to beused by the user for entering predetermined information.

Based on this configuration, the recording medium of the presentinvention is formed with a random number table in which figures such as,for example, symbols, designs, pictures or images (for example, stillimages including photographs, moving images or hand-written characters),from which the entry target characters cannot be deduced directly (i.e.shapes that cannot be converted by means of character codes used at thetime of user operational input based on an input device used by the userfor entering predetermined information) are associated with entry targetcharacters. Thus, when entering the entry target characters, such entrytarget characters can be specified without using such entry targetcharacters.

Accordingly, the storage medium of the present invention is capable ofpreventing: the leakage of security-related information (for example, apassword) caused by a user's carelessness, for example, by entering, allat once, at a phishing site, all of the information described in randomnumber table, or the like, which is issued to a user in advance; and thetransfer of information to a third party who performs an illegal login.

In addition, the storage medium of the present invention can make use ofthe marker information, such as the display positions of the figures,instead of the entry target characters or the figures specifying theentry target characters, for the data communication between thecommunication terminal devices and the server systems. Thus, the storagemedium of the present invention is capable of preventing the informationto be specified by a user from being stolen or tampered with by a thirdparty, between the communication terminal devices and the serversystems.

Accordingly, the storage medium of the present invention is capable ofpreventing illegal logins and man-in-the-middle attacks made by a thirdparty to the services delivered to the users.

Consequently, the storage medium of the present invention is capable ofpreventing the leakage of the security-related information, illegal usesand man-in-the-middle attacks, and of improving the security at the timeof delivering various services including the Internet banking service,or the like.

Effect of the Invention

The server system, and the like, according to the present invention arecapable of preventing the leakage of security-related information,illegal use and man-in-the middle attacks and of improving the securityat the time of delivering various services, such as the Internet bankingservice or the like.

BRIEF DESCRIPTIONS OF THE DRAWINGS

FIG. 1 is a system configuration diagram illustrating a systemconfiguration in an embodiment of the network system according to thepresent invention.

FIG. 2 is a diagram for explaining the ways of illegal attacks that haveconventionally been an issue.

FIG. 3 is a diagram illustrating an example of a random graphic table ofan embodiment.

FIG. 4 is a diagram illustrating functional blocks of a communicationterminal device in an embodiment.

FIG. 5 is a diagram illustrating functional blocks of a bankingorganization server in an embodiment.

FIG. 6 is a diagram illustrating an example of data to be recorded in auser management database provided in a banking organization server of anembodiment.

FIG. 7 is a diagram illustrating an example of data to be recorded in arandom graphic table data management database provided in a bankingorganization server of an embodiment.

FIG. 8 is a diagram illustrating an example of data to be recorded in abanking organization management database provided in a bankingorganization server of an embodiment.

FIG. 9 is a diagram illustrating an example of data to be recorded in anaccount management database provided in a banking organization server ofan embodiment.

FIG. 10 is a flowchart illustrating operations of a settlement processto be executed in a network system of an embodiment.

FIG. 11 is a diagram illustrating an example of a service login screendisplayed in a communication terminal device of an embodiment.

FIGS. 12A and 12B are diagrams each illustrating an example of an entryscreen displayed in a communication terminal device of an embodiment.

FIG. 13 a diagram illustrating an example of a confirmation screendisplayed in a communication terminal device of an embodiment.

EMBODIMENTS OF THE INVENTION

Hereinafter, embodiments of the present invention will be described withreference to the drawings. It should be noted that the followingembodiments are embodiments wherein a server system, a program for theserver system, a communication terminal device, a program for thecommunication terminal device, a recording medium, a character entrymethod and an information encryption method, all according to thepresent invention, are applied to a network system that includes: acommunication terminal device, which is used by a user (i.e. a personwho opened an account) who receives the provision of a banking servicevia the Internet (hereinafter referred to as “the Internet bankingservice”); and a banking organization server which is connected to andcommunicates with the communication terminal device via the network.

It should also be noted that the embodiments described below will notunduly limit the content of the invention described in the claims. Inaddition, the entire configuration described in the present embodimentsis not necessarily a required component of the present invention.

Outline of Network System

First, the configuration and outline of network system 1 in the presentembodiment will be described with reference to FIGS. 1 and 2.

It should be noted that FIG. 1 is a diagram illustrating the systemconfiguration of network system 1 of the present embodiment and FIG. 2is a diagram for explaining attacks made by a malicious third party,which have been occurring in conventional internet banking services.

In order to prevent the drawings from becoming complicated, only someusers, communication terminal devices 10, banking organizations, bankingorganization servers 30 and a malicious third party are displayed ineach of the above drawings. In other words, more users, communicationterminal devices 10, banking organizations, banking organization servers30, and the like, than those shown in the drawings are present in theactual network system 1.

Network system 1 of the present embodiment has a configuration forseparately delivering the Internet banking services to each user, and isa system capable of improving the security of the Internet bankingservice by specifying entry target characters necessary for executingvarious processes in the Internet banking service, such as beneficiaryinformation, including an account, a beneficiary bank and the like, orthe amount of remittance and the like, by making use of a given randomgraphic table RMT that can prevent the leakage of security-relatedinformation, illegal use and the man-in-the middle attacks.

In particular, as shown in FIG. 1, network system 1 of the presentembodiment includes: a plurality of communication terminal devices 10owned by the respective users; and a plurality of banking organizationservers 30, which are managed and operated by the respective bankingorganizations, which are connected to communication terminal devices 10via network 20, and which execute a remittance process, for sending aremittance to a third party's account, and other settlement processes.

In addition, in network system 1 of the present embodiment, a givenrandom graphic table RMT, in which: entry target characters and figuresare associated with each other, is used. The entry target characters arespecified by a specified user. For example, the entry target charactersinclude numerical characters, alphabetical characters, hiraganacharacters, katakana characters, kanji characters (Chinese characters)and others (for example, any characters that can generally be enteredwith an input device, such as a keyboard, etc.). The figures is deduceddirectly from the above entry target character (i.e. shapes that isunconverted by character codes used at the time of user operationalinput based on an input device used by a user for entering predeterminedinformation). For example, the figures include symbols, designs,picture, images (for example, still images including photographs, movingimages or hand-written characters), and the like. Thus, an improvementin security of the above Internet banking service is achieved by therandom graphic table RMT.

For example, as shown in FIG. 2, in conventional Internet bankingservices, when a remittance is to be made from a server of (paying)banking organization A to a server of (receiving) banking organization Bbased on a remittance instruction from a terminal device, which is basedon a user's instructions, the following major types of attacks and fraudare quite rampant, and damage, such as illegal remittances, banktransfer scams, and the like, occur frequently.

(1) Type 1 ([1] in FIG. 2)

This is a type where a terminal device, such as a personal computer,used by a user, is infected with malware, such as a key logger, in someway and entered information, such as a password (hereinafter alsoreferred to as “PW”) entered by the user, is obtained. In this case, amalicious third party illegally logs into the server of (paying) bankingorganization A as a legitimate user, using the illegally-obtainedpassword, etc., and provides a remittance instruction, and an illegalremittance process is executed in which an illegal remittance is made toan account, etc. of the malicious third party, and more specifically, toa server of (illegal remittance beneficiary) banking organization C.

(2) Type 2 ([2] in FIG. 2)

This is a type where a malicious third party utilizes a random numbergenerator, etc. and implements an attack in which all combinations ofnumbers and English characters are transmitted in a round-robin mannerto the server of (paying) banking organization A, and thereby takes overthe user's account. In this case, the malicious third party provides aremittance instruction as a legitimate user to the server of (paying)banking organization A, and an illegal remittance process is executed inwhich an illegal remittance is made to an account, etc. of the maliciousthird party, and more specifically, to a server of (illegal remittancebeneficiary) banking organization C.

(3) Type 3 ([3] in FIG. 2)

This is a man-in-the middle attack type where information sent from theuser's terminal device to the server of the banking organization istampered with on the network, and money is caused to be received at abeneficiary different from the original beneficiary by changing thebeneficiary, the amount of money, etc. For example, when an instructionto make a remittance to the server of (receiving banking organization Bis provided to the server of (paying) banking organization A from theterminal device, based on the user's instruction, such remittanceinstruction is analyzed and is tampered with into an instruction to betransmitted to the server of (illegal remittance beneficiary) bankingorganization C, and a process to make an illegal remittance to suchillegal remittance beneficiary is executed. Furthermore, a remittanceresult from the illegal remittance beneficiary is disguised into aremittance result from the server of (receiving) banking organization Band is notified as a remittance completion of the server of (paying)banking organization A.

(4) Type 4 ([4] in FIG. 2)

This is a phishing fraud type ([4] in FIG. 2) where a URL of a website(i.e. a phishing website) that differs from the original websitedelivering services is sent to the user's terminal device by way of anemail, etc., and the user is led to the phishing website, and variouskinds of information, such as a password, a random graphic table or thelike, are swindled by deceiving the user into entering such informationin such phishing website. In this case, the malicious third partyillegally logs into the server of (paying) banking organization A as alegitimate user, using the illegally-obtained password, etc., andprovides a remittance instruction, and an illegal remittance process isexecuted in which an illegal remittance is made to an account, etc. ofthe malicious third party, and more specifically, to a server of(illegal remittance beneficiary) banking organization C.

Accordingly, in order to secure safety in the Internet banking service,it is necessary to take measures against all types of the variousattacks and fraud described above so as to prevent the same.

On the other hand, conventional approaches for avoiding the variousattacks described above include:

(A) an approach where a client certificate is used;

(B) an approach where a cryptographic token that generates a one-timepassword is used; and

(C) an approach where authentication is performed by means of uniqueinformation (a subscriber number, serial number, or the like) inside theuser's terminal device, or biological information such as fingerprints,veins, or the like.

However, in addition to the fact that it is easy for a clientcertificate to be taken over and it is therefore not an effective meansof preventing attacks, it cannot be used for international commercialtransactions since the types of such certificates differ from country tocountry. Moreover, in the case of making use of a cryptographic token,since it is expensive to manufacture a machine dedicated tocryptographic tokens, it is not widely used. Furthermore, the uniqueinformation of the user's terminal device is likely to be extracted bymalware, and thus, in many cases, the effectiveness thereof cannot beensured as a method for preventing attacks. Also, the case wherebiological information is used has not become popular due to the highcost of introducing devices, the decrease in user-friendliness such thatthe information cannot be easily entered, or difficulties in obtainingaccurate biological information.

On the other hand, in addition to the above-described approaches (A) to(C), there is also an approach where a random number table (a table inwhich numbers are randomly arranged in a matrix), which is madeavailable for user entry, is separately issued for each user by abanking organization, and identification is verified by performing anentry using such random number table.

However, in such case, the content of the information sent from the userto the banking organization is expressed in a character code, such asASCII code, which can be specified in other general terminal devices.Accordingly, a malicious third party can easily specify the characterstring expressed by the transmitted/received information, and it isdifficult to prevent man-in-the middle attacks that perform tamperingwith and disguising of the information during communication.

In addition, in the case of using such random number table, it is quitecommon for the user to be led to a phishing site and to inadvertentlyenter all of the information of the random number table in such phishingsite. When all information of random number table is entered, the useris spoofed based on such random number table and illegal remittances arecarried out.

Moreover, when the user's terminal device, etc. is infected withmalware, such as a key logger, all information entered by the user inaccordance with random number table may be stolen by a third party.

Hence, network system 1 of the present embodiment adopts a configurationin which:

(1) random graphic table RMT is used, which is issued at a bankingorganization in advance for each user and in which entry targetcharacters, such as numerical characters and alphabetical characters,and figures, from which the above entry target characters cannot bededuced directly, such as symbols, photographs, graphics or pictures,are associated with each other as illustrated in FIG. 3;

(2) random graphic table data, in which random graphic tables RMTs ofthe respective users are compiled into data, and user IDs foridentifying such users are managed by associating them with each other;

(3) when a user uses the Internet banking service, data (hereinafterreferred to as “data for entry”) is distributed, such data is fordisplaying to an appropriate user a plurality of figures, includingfigures corresponding to the entry target characters, based on therandom graphic table data corresponding to the respective users and suchdata is for making the entry target characters to be entered by thefigures;

(4) when a plurality of figures is provided (displayed) to the userbased on the data for entry, positional information that indicatesdisplay positions for specifying the figures selected by the user andinformation for specifying such display positions (hereinafter referredto as “marker information”) are specified; and

(5) the figures are determined based on the specified marker informationand finally the entry target characters are specified.

In particular, the present embodiment has a configuration in which theentry target characters, which are to be specified, are communicated asthe marker information by making use of the above-described randomgraphic table RMT, and while the entry target characters cannot bespecified by a third party during communication, the entry targetcharacters, which are to be specified for the respective users, can bespecified at banking organization servers 30.

Specifically, communication terminal device 10 is a communicationterminal device, such as a personal computer (PC), a smartphone, or thelike, used by a user, and it is adapted to connect to network 20, eitherdirectly or via base station BS, and to execute data communication withbanking organization servers 30.

Communication terminal device 10 obtains resource data based on URLs inaccordance with input operations of a user or the like, wherein suchresource data is described in a markup language, such as eXtensibleMarkup Language (XML). Communication terminal device 10 has a browsingfunction that performs image display and data communication based onsuch resource data.

In particular, communication terminal device 10 is adapted such that, atthe time of using the Internet banking service by using the browsingfunction, it logs into banking organization server 30, obtains data forentry, and transmits marker information in the figures entered based onrandom graphic table RMT to banking organization server 30.

On the other hand, banking organization server 30 is a computer systemwhich is managed and operated by a corresponding banking organization.Banking organization server 30 has various databases (hereinafterreferred to as “DBs”) and executes various processes for delivering theInternet banking service.

In particular, banking organization server 30 of the present embodimenthas a configuration so that the following processes can be executed:

(A) a data for entry distribution process, in which, at the time ofdelivering the Internet banking service, the banking organization servercoordinates with communication terminal device 10, specifies a user,generates the data for entry based on the random graphic table datacorresponding to random graphic table RMTs that is issued for each user,and distributes the generated data for entry to communication terminaldevice 10;

(B) an entry target characters specification process, in which themarker information entered by the user based on the data for entry andrandom graphic table RMT sent from communication terminal device 10 isreceived, and the entry target characters are specified based on thereceived marker information; and

(C) a servicing process in which a predetermined Internet bankingservice is executed based on the specified entry target characters.

Specifically, banking organization server 30 of the present embodimenthas a configuration in which:

(1) banking organization server 30 controls a database, in which therandom graphic table data is recorded in association with identificationinformation (i.e. user IDs) for identifying users, such random graphictable data being predetermined for each user of communication terminaldevice 10, and such random graphic table data having entry targetcharacters that are entered at communication terminal device 10 andfigures that are pre-allocated for each of the entry target charactersassociated with each other;

(2) when a given request (for example, a request for a settlementprocess) designated by a user is received from communication terminaldevice 10, banking organization server 30 specifies the random graphictable data corresponding to such user;

(3) banking organization server 30 extracts figures corresponding to theentry target characters to be specified by the user based on thespecified random graphic table data;

(4) banking organization server 30 generates the data for entry, whichis associated with each of the extracted figures and which includesmarker information that is used when the relevant figures are displayedat the relevant communication terminal device 10, and distributes thegenerated data for entry to communication terminal device 10;

(5) when the figures are displayed at communication terminal device 10based on the distributed data for entry, banking organization server 30obtains the marker information corresponding to the figures entered bythe user from the communication terminal device 10;

(6) banking organization server 30 determines the relevant figures basedon the obtained marker information; and

(7) banking organization server 30 specifies the entry targetcharacters, which are to be specified, based on the determined figuresand executes a given process, such as a settlement process, based on thespecified entry target characters.

Based on such configuration, network system 1 of the present embodimentis adapted such that it can prevent: the leakage of security-relatedinformation (for example, a password) caused by a user's carelessness,for example, by entering, all at once, at a phishing site, all of theinformation described in random graphic table RMT, or the like, which isissued to a user in advance; and the transfer of information to a thirdparty who performs an illegal login.

In addition, network system 1 of the present embodiment is adapted suchthat it can effectively prevent illegal logins and man-in-the middleattacks made by a third party to the services delivered to the users.

Accordingly, network system 1 of the present embodiment is adapted suchthat it can prevent the leakage of security-related information, illegaluse and man-in-the middle attacks and it can improve the security at thetime of delivering various services, such as the Internet bankingservice.

It should be noted that, in the present embodiment, data for entryincludes:

(1) image data for allowing the respective figures to be selected atcommunication terminal device 10;

(2) positional data that indicates display positions when the image datais displayed at communication terminal device 10; and

(3) display control data for causing the image data of the respectivefigures to be displayed at the corresponding display positions.

In addition, the plurality of figures for allowing the user to make aselection, which is used when the data for entry is generated,preferably include all figures corresponding to the entry targetcharacters that have a potential to be entered. In the presentembodiment, a description will be provided using the case where thefigures that are used when the data for entry is generated include allfigures corresponding to the entry target characters that have apotential to be entered.

However, when the generated data for entry does not include image dataof the figures relevant to the entry target characters, it is sufficientto use image data of (N+1) figures with respect to N entry targetcharacters to be specified by implementing a predetermined process suchas re-issuance of such data for entry.

In the present embodiment, as for the marker information, displayposition information in the respective figures when being displayed atcommunication terminal device 10 will be used for the description;however, when the respective figures are displayed at communicationterminal device 10 along with, for example, a matrix, information forspecifying the respective figures selected by the user, such asinformation on row numbers and column numbers, is sufficient.

Random Graphic Table

Next, random graphic table RMT of the present embodiment will bedescribed with reference to FIG. 3. It should be noted that FIG. 3 is adiagram illustrating an example of random graphic table RMT used in thepresent embodiment.

Random graphic table RMT of the present embodiment is a storage mediumin which, when a user uses communication terminal device 10 to accessbanking organization server 30 that delivers various services, figuresfor specifying, at banking organization server 30, the entry targetcharacters entered by such user are created in a viewable manner. Randomgraphic table RMT has a table formed by a plurality of rows and aplurality of columns, in which a plurality of different entry targetcharacters and figures that differ for each entry target character arearranged in a row or column. Each figure has a shape that cannot beconverted by means of the character code used at the time of useroperational input based on an input device used by the user for enteringpredetermined information.

For example, as shown in FIG. 3, random graphic table RMT of the presentembodiment is a random graphic table in which the numbers “0” to “9” arearranged in a line in the first row as entry target characters and whichconsists of a plurality of rows (i.e. six rows) (i.e. random graphictable RMT in a matrix of 6 rows and 10 columns). Random graphic tableRMT has different figures (i.e. 10 figures including symbols, graphicsand pictures), each allocated to each of the numbers being the entrytarget characters, and the arrangement of the figures of each row has adifferent feature.

Random graphic table RMT of the present embodiment is provided to a userby being printed on a rear surface of a cash card (made of plastic)issued by a banking organization to the user, or is provided to the userby being printed on a dedicated passcode card (made of plastic orpaper).

In addition, random graphic table RMT may also be provided by anelectronic passcode card. In such case, the passcode card may be createdby, for example, electronic paper and the random graphic table may beconfigured in a visible manner by electronic ink. The random graphictable may also be configured in a displayable manner by a personalcomputer or a smartphone. In this way, unlike cryptographic tokens, thecost for issuing random graphic tables RMT may be suppressed, and thus,the popularization thereof may be promoted.

While FIG. 3 illustrates the case where the entry target characters areconfigured by figures that cannot be deduced during data communication,such figures are sufficient as long as they cannot be uniquely deducedby means of general input devices, and, as described above, they may be,for example, still images, such as photographs, or figures that areformed by hand-written characters that are written in advance by a user.

In particular, in the case of using hand-written characters written by auser as the figures, the user is asked to write down numericalcharacters 0 to 9 and English characters A to Z in an application format a predetermined timing, such as when opening an account or whenapplying for issuance of a passcode card, and then the figures of randomgraphic table RMT may be structured by making use of these written-downcharacters.

In the case where random graphic table RMT uses numerical characters asthe entry target characters, at least numerical characters 0 to 9 needto be described in the first row. When making use of entries madethrough English characters, hiragana characters, katakana characters,kanji characters or other characters, letters A to Z or characters,which are to be entered, need to be described in the first row. However,regardless of which characters end up being used as the entry targetcharacters, it is necessary to arrange each figure with respect to eachcharacter, in a corresponding manner, such that different figures arearranged in each row and such that the arrangement of such figures inthe plurality of rows differs from row to row.

It should be noted that, in FIG. 3, the entry target characters arearranged in the first row of random graphic table RMT; however, in thepresent embodiment, they may be arranged in the last row of randomgraphic table RMT, or alternatively, they may be arranged in the firstcolumn or the last column thereof. In any case, as with the example ofFIG. 3, it is necessary to arrange each figure with respect to eachcharacter, in a corresponding manner, such that different figures arearranged in each row or column and such that the arrangement of suchfigures in the plurality of rows or columns differs from row/column torow/column.

Communication Terminal Device

Next, communication terminal device 10 of the present embodiment will bedescribed with reference to FIG. 4. It should be noted that FIG. 4 is ablock diagram illustrating a configuration of communication terminaldevice 10 of the present embodiment.

As shown in FIG. 4, communication terminal device 10 of the presentembodiment includes: network communication part 110; recording part 120;Display control unit 130; display 140; Operational unit 150; Terminalmanagement control unit 160; and application execution unit 170.

The above parts are interconnected by means of bus B, through which datatransfer is carried out among the respective components.

Network communication part 110 communicates with and is connected tonetwork 20 either directly or via base station BS, and performstransmission/receipt of various kinds of data with banking organizationservers 30 via network 20.

Recording part 120 is configured by, for example, a hard disk drive(hereinafter abbreviated as “HDD”), or a non-volatile flash memory of anNAND type, an NOR type, or the like.

Recording part 120 also includes application recording part 121 andbuffer 122. A browser for achieving the browsing function is recorded inapplication recording part 121.

It should be noted that, when services are delivered by using anapplication dedicated for the Internet banking service, such dedicatedapplication is recorded in application recording part 121. Buffer 122 isused as a work area for network communication part 110, Terminalmanagement control unit 160 and application execution unit 170.

Display control unit 130 is adapted to generate display data necessaryfor display on display 140 and outputs the generated display data tosuch display 140.

Specifically, Display control unit 130 generates the display data formaking image data corresponding to each figure to be displayed ondisplay 140 in association with the entry target characters, based onthe data for entry received from banking organization server 30, andsupplies the data to display 140.

Display 140 is configured by, for example, a panel of liquid-crystalelements or organic electro luminescence (EL) elements and displays apredetermined image based on the display data generated in Displaycontrol unit 130.

Operational unit 150 is configured by various kinds of confirmationbuttons, a mouse, a pointing device, and a number of keys and a touchpanel such as a numeric keypad, and is adapted to be used by a user sothat he/she may enter various kinds of information and select figuresbased on the data for entry. For example, Operational unit 150 is usedwhen selecting one figure from among a plurality of figures displayedbased on the data for entry. When touching is performed at a particulardisplay position, Operational unit 150 provides the positionalinformation of the figure that is displayed at the touched position toapplication execution unit 170.

Terminal management control unit 160 is configured mainly by a centralprocessing unit (CPU) and includes various kinds of input/output portssuch as a key input port, a display control port, or the like. Terminalmanagement control unit 160 controls, in a comprehensive manner, overallfunction of communication terminal device 10 by executing the variousapplications recorded in recording part 120.

Application execution unit 170 is configured by the same CPU as, or anindependent CPU from, Terminal management control unit 160, andexecutes, under control of Terminal management control unit 160,processes for receiving the Internet banking service by executingvarious applications recorded in application recording part 121.

Banking Organization Server

Next, the configuration of banking organization server 30 of the presentembodiment will be described with reference to FIGS. 5 to 9.

It should be noted that FIG. 5 is a diagram illustrating an example offunctional blocks of banking organization server 30 of the presentembodiment, while FIGS. 6 to 9 are respectively diagrams illustratingexamples of data to be recorded in user management DB 331, randomgraphic table data management DB 332, banking organization management DB333 and account management DB 334, provided in banking organizationserver 30 of the present embodiment.

As shown in FIG. 5, banking organization server 30 of the presentembodiment includes: communication control part 310 that communicateswith and is connected to network 20; ROM/RAM 320 that functions asvarious types of memories; recorder 330 wherein various of databases arestructured; server management control unit 340 that controls the entiredevice; and data process unit 350 that executes various processes at thetime of delivering the Internet banking service. The above parts areinterconnected by means of bus B.

Communication control part 310 is a predetermined network interface, andconstructs a communication channel with communication terminal device 10via network 20 and performs transmission/receipt of various kinds ofdata.

ROM/RAM 320 has various programs recorded thereon which are necessaryfor driving banking organization server 30. In addition, ROM/RAM 320 isused as a work area when various processes are executed.

Recorder 330 is configured by, for example, a Hard Disc Drive (HDD) or aSolid State Drive (SSD). Recorder 330 includes, at least, usermanagement DB 331, random graphic table data management DB 332, bankingorganization management DB 333 and account management DB 334. It shouldbe noted that recorder 330 of the present embodiment configures, forexample, the “database” of the present invention.

User management DB 331 is a database with which various kinds ofinformation for managing a user who has already opened an account at anappropriate banking organization is registered as data. As shown in FIG.6, for example, user attribute information is recorded in usermanagement DB 331 in association with user IDs corresponding to therespective users.

More specifically, the user attribute information includes:

(1) the name of a corresponding user;

(2) the address of a corresponding user;

(3) the account name of a corresponding user; and

(4) a first passcode (login password) of a corresponding user.

The user attribute information is used for managing logins into theInternet banking service made by the users.

For example, FIG. 6 shows that, as the user attribute informationcorresponding to user ID “user 001,” the user attribute information madeup of name “Taro, . . . ,” address “. . . Kita, Tokyo,” account name“2351000,” and first passcode “****” is recorded.

It should be noted that the account name may be the account number, theclient number, or the like, and it may also be the same as the user ID.

Random graphic table data management DB 332 is a database for managingrandom graphic table data corresponding to random graphic tables RMTsissued in advance to the respective users. As shown in FIG. 7, forexample, user IDs corresponding to the respective users and randomgraphic table data that indicates the content of random graphic tablesRMTs issued to the users are associated with each other and recorded inrandom graphic table data management DB 332.

For example, FIG. 7 shows that random graphic table data “DATA 001” to“DATA 004” are respectively associated with “user 001” to “user 004” andrecorded.

In particular, the random graphic table data recorded in random graphictable data management DB 332 has a data configuration in which: theentry target characters included in random graphic table RMT; and theimage data for icon-wise display of the figures allocated to thecorresponding entry target characters on communication terminal device10, are arranged in the same matrix format as that of random graphictable RMT, as illustrated in FIG. 3.

It should be noted that the image data corresponding to the respectivefigures may be configured in any of the following formats, for example:

(1) bitmaps corresponding to pictures or graphics that are indicative ofvarious symbols, including scholarly symbols (for example, mathematicalsymbols, such as calculus symbols, map symbols, music symbols or thelike);

(2) still images such as photographs;

(3) moving images; or

(4) images of hand-written characters.

In particular, when still images are used as image data for the figures,the image data may be configured in a data format such as JointPhotographic Expert Group (JPEG) or the like.

In addition, when the image data for the figures is configured by movingimages, the image data may be configured in a format such as GIF or thelike. Thus, the image data may be configured in data formats such thatthe following display methods are achieved. Namely, the figures may bedisplayed on communication terminal device 10 such that they graduallybecome visible. Alternatively, the figures may be displayed such thatthe order thereof may be changed, or the figures may be displayed aftera predetermined time period has elapsed.

Moreover, displaying the figures as moving images makes it difficult tospecify the figures contained in the data for entry distributed tocommunication terminal device 10 and it also makes it difficult for amalicious third party to conduct various attacks. However, this alsorequires that the moving images of the figures be provided in the issuedrandom graphic tables RMTs by way of a playable electronic paper, aportable terminal device, or the like.

In addition, in the case where beneficiary information (the bankingorganization, the beneficiary account number at a branch office, theaccount holder) concerning the beneficiary, which is registered inadvance by the user is allocated to the entry target characters, or inthe case where a predetermined fixed sentence or fixed format isallocated to the entry target characters, such beneficiary information,the predetermined fixed sentence, or the like, may also be registered inassociation with the entry target characters.

Banking organization management DB 333 is a database in whichinformation for managing the respective banking organizations isrecorded as data. For example, as shown in FIG. 8, the following itemsare recorded in banking organization management DB 333, in associationwith banking organization codes (SWIFT code) for identifying therespective banking organizations:

(1) the name of the relevant banking organization;

(2) the names of the branch offices run by the relevant bankingorganization;

(3) the codes of the relevant branch offices; and

(4) the addresses of the relevant branch offices.

For example, FIG. 8 shows that “Oedo Bank,” with banking organizationcode “001,” runs the “Shinjuku branch office,” the “Shibuya branchoffice” and the “Nihonbashi main office,” and the codes, and the like,of the respective branch offices are recorded.

It should be noted that the banking organization codes are allocated tothe banking organizations one by one, whereas the branch office codesare allocated in a unique manner for each banking organization. Inaddition, instead of the banking organization codes, bank codes such asSWIFT codes, or other codes including country names, location codes,branch office codes or the like, may be used.

Account management DB 334 is a database in which data corresponding toinformation for managing accounts opened by the respective users isrecorded. As shown in FIG. 9, for example,

(1) user IDs of the respective users and

(2) the account information

are associated with each other and recorded in account management DB334.

More specifically, the account information includes:

(2A) the account number of the relevant account;

(2B) the bank name and branch office name at which the relevant accountis opened;

(2C) the balance of the relevant account; and

(2D) the information indicating the registered payment destinations,

and the above information is used for managing the user accounts.

For example, FIG. 9 shows an example where the account information madeup of account number “123456,” banking organization name “Oedo Bank,”branch office name “Shinjuku branch office,” balance “¥*****,”registered payment destinations “Oedo Bank, Nihonbashi main office,*****” and “Δ Bank, Shibuya branch office, ****” is recorded as theaccount information for “user 001.”

It should be noted that, in the present embodiment, the registeredpayment destinations information may be used as the above-describedbeneficiary information.

Server management control unit 340 is configured mainly by a centralprocesser unit (CPU) and controls the respective parts of bankingorganization server 30, in an integrated manner, by executing programs.

Data process unit 350 is configured by the same CPU as, or anindependent CPU from, server management control unit 340, and executesthe following processes by executing applications, under control ofserver management control unit 340, at the time of delivering theInternet banking service during the remittance process fromcommunication terminal device 10 to a predetermined account or othersettlement process: a data for entry distribution process in which thedata for entry is distributed to communication terminal device 10; anentry target characters specification process in which the entry targetcharacters are specified based on the marker information sent fromcommunication terminal device 10 in accordance with entries based on thedata for entry and random graphic table RMT; and a servicing process inwhich the predetermined Internet banking service is executed based onthe specified entry target characters.

Specifically, data process unit 350 coordinates with communicationcontrol part 310 and recorder 330 and embodies: management control part351 that performs recording and updating of data to the respectivedatabases, and management of other Internet banking services; figureextraction part 352 that, at the time of delivering the Internet bankingservice, specifies the random graphic table data of the relevant userand extracts part of the figures from the specified random graphic tabledata; data for entry generation and distribution part 353 that executesthe data for entry distribution process based on the extracted figures;specification process part 354 that executes a process of specifying theentry target characters; and settlement process part 355 that executesthe Internet banking service based on the specified entry targetcharacters, such as a settlement process (hereinafter referred to as the“specific banking service”).

It should be noted that, for example, management control part 351 of thepresent embodiment configures the “controller” of the present invention,and figure extraction part 352 configures the “specifying unit” and“extracting processer” of the present invention. For example, data forentry generation and distribution part 353 of the present embodimentconfigures the “distributer” of the present invention and specificationprocess part 354 configures the “acquiring processer” of the presentinvention. Furthermore, for example, settlement process part 355 of thepresent embodiment configures the “specific processer” of the presentinvention.

Management control part 351 manages reading and writing of data withrespect to each database. In addition, management control part 351generates random graphic table data based on random graphic tables RMTsthat are taken in in advance, manually, or by means of a scanner, notshown, or the like, and the generated random graphic table data isrecorded in random graphic table data management DB 332 in associationwith the corresponding user IDs.

The way in which the random graphic table data is generated atmanagement control part 351 is arbitrary. For example, random graphictable data corresponding to random graphic table RMT as illustrated inFIG. 3 may be generated by separating the figures contained in randomgraphic table RMT and arranging them in a matrix form, in associationwith the entry target characters.

In addition, in response to a request to execute the Internet bankingservice from communication terminal device 10, management control part351 distributes data corresponding to a login page of the Internetbanking service to the relevant communication terminal device 10 andexecutes user authentication based on the account name and the firstpasscode (password), which the user entered based on such data, and theuser attribute information.

Then, after logging in, management control part 351 coordinates withcommunication terminal device 10 and executes, based on the useroperations, processes related to various Internet banking services, suchas a balance inquiry for an account, an application for a loan, or thelike, except for the specific banking service, such as a settlementprocess.

When a processing request in the specific banking service, such as asettlement process, is received, figure extraction part 352 searches,under control of management control part 351, random graphic table datamanagement DB 332 based on the user ID used at the time of logging inand reads the relevant random graphic table data from random graphictable data management DB 332. Then, figure extraction part 352 extractsimage data corresponding to a plurality of figures that belong to, forexample, two randomly selected rows from the read random graphic tabledata.

For example, when random graphic table data corresponding to randomgraphic table RMT shown in FIG. 3 is read, figure extraction part 352extracts image data that corresponds to each of the figures arranged inrow B and row E, as the figures for specifying the entry targetcharacters from the read random graphic table data.

Data for entry generation and distribution part 353 executes, undercontrol of management control part 351, generation and distribution ofthe data for entry, in coordination with communication control part 310,when the process request in the specific banking service, such as asettlement process, is received and when the image data of a pluralityof figures is read by figure extraction part 352.

Specifically, data for entry generation and distribution part 353generates the data for entry based on the image data of the respectivefigures extracted by figure extraction part 352, and distributes thegenerated data for entry to the relevant communication terminal device10.

More specifically, data for entry generation and distribution part 353specifies display positions of the image data of the extracted figuresand determines positional information (i.e. the marker information) thatindicates the display positions of the specified figures. Then, data forentry generation and distribution part 353 generates the data for entrythat includes: the image data of the respective figures; the positionalinformation that indicates the display positions of the respectivefigures; display control data for causing the image data of therespective figures to be displayed at the respective display positions;and indication data for indicating the entry to the user, anddistributes the generated data for entry to the relevant communicationterminal device 10.

For example, a case is assumed in which image data of the respectivefigures arranged in row B and row E in the random graphic table datacorresponding to random graphic table RMT shown in FIG. 3 is read. Insuch case, data for entry generation and distribution part 353determines the display positions (for example, pixel coordinates fordisplaying the image data of the figures on the screen of communicationterminal device 10, and specifically, the center coordinates (x, y) thatindicate the center of the image data) for displaying the respectivefigures in a line and in a random manner on communication terminaldevice 10, based, for example, on the column display for displaying rowB, such that the figure at row B and column 2 is displayed at the farright and the figure at row B and column 5 is displayed at the displayposition in the next row. Then, data for entry generation anddistribution part 353 generates the data for entry that includes thepositional information that indicates the determined display positionsof the figures.

It should be noted that data for entry generation and distribution part353 determines the display positions for displaying the respectivefigures in a line and in a random manner on communication terminaldevice 10, based on the column display for displaying row E.

In addition, as for the indication data for indicating the figures to beselected by the user, the indication data includes, for example,character string (text) data, such as “please select the figurescorresponding to the characters you would like to enter from row B ofrandom graphic table.”

When specification process part 354 receives the positional information(i.e. the marker information corresponding to the figures entered basedon the data for entry and random graphic table RMT), which is acquiredwhen the figures are entered by the user, based on the data for entry,at communication terminal device 10, specification process part 354specifies the entry target characters corresponding to the figuresselected by the user based on: the received positional information; therelevant random graphic table data; and information used for thegeneration of the data for entry by figure extraction part 352, suchinformation being information indicating the rows of random graphictable RMT when the figures are extracted (hereinafter referred to as the“extracted information”).

For example, for the random graphic table data corresponding to randomgraphic table RMT shown in FIG. 3, when the image data of the respectivefigures arranged in row B in the random graphic table data correspondingto random graphic table RMT shown in FIG. 3 is read and when the figureat row B and column 2 is arranged at the far right and the positionalinformation (the marker information) that indicates the position thereofis received, specification process part 354 specifies entry targetcharacter “2” corresponding to position “row B and column 2” as theentry target character.

It should be noted that specification process part 354 specifies aplurality of entry target characters, for example, in accordance withthe order in which the entry target characters are entered. Morespecifically, when specification process part 354 is to specifydouble-digit entry target characters, it specifies the same byassociating the first-specified entry target character with the upperdigit and then by associating the next-specified entry target characterwith the lower digit.

Settlement process part 355 determines predetermined information, suchas the account of the beneficiary or the money-receipt amount, inaccordance with the specified entry target characters and executes thesettlement process based on the determined information.

For example, settlement process part 355 executes a settlement processin which settlement process part 355 specifies the banking organizationof the beneficiary in accordance with the specified entry targetcharacters, reduces the balance by the money-receipt amount from theaccount information of the relevant user, and transmits the specifiedmoney-receipt amount to the account of the beneficiary.

It should be noted that the settlement process in the present embodimentis similar to that in conventional Internet banking services, andtherefore, the details thereof will be omitted.

Network System Operations (Settlement Process)

Next, the operations of the settlement process executed in networksystem 1 of the present embodiment will be described with reference toFIGS. 10 to 13.

FIG. 10 is a flowchart illustrating the flow of the process executed atnetwork system 1 of the present embodiment, FIG. 11 is a diagramillustrating an example of a login page when logging into the Internetbanking service in network system 1 of the present embodiment. FIGS. 12Aand 12B are diagrams each illustrating examples of an entry screen whena user enters various kinds of information based on the data for entryin network system 1 of the present embodiment and FIG. 13 is a diagramillustrating an example of a confirmation screen that is displayed afterthe user has entered the various kinds of information based on the datafor entry in network system 1 of the present embodiment.

In the present operations, it is assumed that the information of FIGS. 6to 9 is already stored in the respective DBs 331 to 334 of bankingorganization server 30 and that communication terminal device 10 isdisplaying the predetermined login screen illustrated in, for example,FIG. 11 and is standing by for the user to enter an instruction intoOperational unit 150 to the effect that the Internet banking service isto be performed.

It should be noted that, in the present operations, the description isgiven on the premise that a settlement process (particular bankingservice) is executed in which a remittance process to the account of athird party is performed.

First, at communication terminal device 10, application execution unit170 detects an account name and a first passcode via Operational unit150, and then an input operation of selecting the “login” button (StepSa101). Then, application execution unit 170 transmits a login request,including the entered account name and first passcode, to bankingorganization server 30 in accordance with the applications recorded inapplication recording part 121, and makes a transition to a receiptstandby mode (Step Sa102).

Next, at banking organization server 30, communication control part 310receives the login request transmitted from communication terminaldevice 10 (Step Sa301). Management control part 351 searches usermanagement DB 331 based on the account name and the first passcodecontained in the login request, specifies a user ID and executes userauthentication (Step Sa302).

Subsequently, when the login is made by successfully executing the userauthentication, management control part 351 transmits to the relevantcommunication terminal device 10, via communication control part 310,data corresponding to a web page for the relevant user to executevarious net-banking services (hereinafter referred to as the “userpage”), and makes a transition to a receipt standby mode (Step Sa303).

It should be noted that, at Step Sa302, when the login is unsuccessful,management control part 351 transmits accordingly to the relevantcommunication terminal device 10 and terminates the present operations.When communication terminal device 10 is notified of the fact that thelogin was unsuccessful, it returns to the process in Step Sa101. Inaddition, when management control part 351 receives a logout instructionfrom communication terminal device 10, during the logged-in state, itterminates the present operations, regardless of the processes in thepresent operations.

Subsequently, at communication terminal device 10, network communicationpart 110 receives the data for the user page (Step Sa103). Then,application execution unit 170, in coordination with Display controlunit 130, causes display 140 to display the image of the user page andstands by for an operational input of a settlement process for executinga remittance to the account of a third party (Step Sa104).

It should be noted that, when application execution unit 170 detects alogout instruction via Operational unit 150, during the logged-in stage,application execution unit 170 terminates the present operations bytransmitting a logout instruction to banking organization server 30,regardless of the processes in the present operations.

Subsequently, application execution unit 170 detects an instruction forexecuting a settlement process via Operational unit 150 (Step Sa105).Then, application execution unit 170 transmits a request for executingsuch settlement process to banking organization server 30 and makes atransition to a receipt standby mode (Step Sa106).

Subsequently, at banking organization server 30, management control part351 receives the request for executing the settlement process (StepSa311). Then, management control part 351 causes figure extraction part352 to read, from random graphic table data management DB 332, therandom graphic table data corresponding to the relevant user (i.e. theuser who is in the logged-in state and who requested the settlementprocess) and acquires the same (Step Sa312).

Subsequently, figure extraction part 352 extracts a plurality of figuresthat belong to an arbitrary line, in a random manner, from the readrandom graphic table data in order to select a plurality of entry targetcharacters (Step Sa313).

Subsequently, data for entry generation and distribution part 353 readsthe image data corresponding to the figures extracted from randomgraphic table data management DB 332, specifies the display positions ofthe image data for each of the extracted figures, and determines thepositional information (i.e. the marker information) that indicates thedisplay positions of the specified figures (Step Sa314).

Subsequently, data for entry generation and distribution part 353generates the data for entry and distributes the generated data forentry to the relevant communication terminal device 10 (Step Sa315). Thedata for entry includes: the image data of each of the read figures; thepositional information (the marker information) that indicates thedisplay positions of the respective figures; the display control datafor causing the image data of each of the figures to be displayed at thecorresponding display position; and the indication data for indicatingthe entry to the user.

For example, data for entry generation and distribution part 353generates, as illustrated in FIG. 12B, the data for entry that includes:

data for displaying, at communication terminal device 10,

(1) the name of the money-receiving banking organization,

(2) the money-receipt amount,

(3) the name of the money-receiving branch office,

(4) a pull-down box for selecting an account type (savings, checking, orthe like), and

(5) a text box for entering a predetermined number of digits from thetop (for example, the first five digits) of the money-receiving accountnumber;

(6) image data corresponding to a character string, such as “pleaseselect the figure relevant to (the second digit from the bottom) fromrow B,” and figures in row B in order to select entry target characters(for example, the last two digits of the account number) to be enteredby means of figures; and

(7) image data corresponding to a character string, such as “pleaseselect the figure corresponding to the last digit from row E,” andfigures in row E.

It should be noted that each text box may be replaced by a pull-downbox.

Subsequently, at communication terminal device 10, network communicationpart 110 receives the data for entry distributed from bankingorganization server 30 (Step Sa111). Then, application execution unit170 causes an entry screen (hereinafter also referred to as the “screenfor entering account information”), such as that illustrated in FIG.12B, to be displayed based on the received data for entry (Step Sa112).

Subsequently, application execution unit 170, in coordination withOperational unit 150 and in accordance with the screen for enteringaccount information, acquires the entered remittance amount, the name ofthe beneficiary bank, the name of the branch office, the account type,and part of the account number. Application execution unit 170 alsoacquires the entered account information, including the positionalinformation of the figures for specifying the other part (i.e. the entrytarget characters) of the account number, which was entered by referringto the relevant random graphic table RMT (Step Sa113).

In particular, when application execution unit 170 of the presentembodiment detects the positions of the figures corresponding to thenumbers of the last two digits of the account number, it specifies thepositional information that indicates the detected positions of thefigures, as the information for specifying the entry target charactersby means of the figures.

For example, when the last two digits of the account number, which areto become the entry target characters, are “27” and when the figure atrow B and column 2 and the figure at row E and column 1 in randomgraphic table RMT are selected by Operational unit 150 (i.e. when thedisplay positions of the relevant figures are touched), applicationexecution unit 170 specifies, as the positional information of thefigure of the upper digit, the positional information of the image datathat indicates the seventh position from the left facing the plane ofFIG. 12B and, as the positional information of the figure of the lowerdigit, the positional information of the image data that indicates fifthposition from the left facing the plane of FIG. 12B.

Subsequently, application execution unit 170 displays, on the display140, the entered account information including the positionalinformation as the marker information (Step Sa114). Then, applicationexecution unit 170 transmits such entered account information to bankingorganization server 30 and stands by for the receipt of informationindicating the remittance result (Step Sa115).

It should be noted that application execution unit 170 displays ondisplay 140, in coordination with Display control unit 130 and forexample as shown in FIG. 13, the information (the banking servicespecific information) acquired in Step Sa113, which includes thepositional information as the marker information. However, applicationexecution unit 170 may display, in coordination with bankingorganization server 30, the banking service specific information ondisplay 140 after the acquisition thereof when the account is confirmedat the relevant banking organization server 30.

Subsequently, at banking organization server 30, communication controlpart 310 receives the entered account information transmitted bycommunication terminal device 10 (Step Sa321). Then, specificationprocess part 354 specifies the entry target characters corresponding tothe figures selected by the user, based on the positional informationincluded in the received entered account information, the data for entrydistributed to the relevant user, and the random graphic table data ofsuch user (Step Sa322).

More particularly, in the present embodiment, specification process part354 determines the beneficiary account number, which is made up of sevendigits, by combining the characters for the last two digits, which arespecified by the positional information, with the first five digits ofthe account number, which are entered by the user in the entry screen.

Subsequently, settlement process part 355 executes a settlement processin which the remittance process is performed based on the entry targetcharacters specified in Step Sa322 and the information included in thereceived entered account information (Step Sa323). Specifically,settlement process part 355 performs the remittance process based on thespecified beneficiary account number, the names of the beneficiarybanking organization and the branch office, etc. included in the enteredaccount information.

It should be noted that, at this time, when the account information,etc. is appropriately specified, the beneficiary banking organizationserver 30 adds the amount of money corresponding to the remittanceamount to the balance in the account information corresponding to thebeneficiary account in the account management DB, and notifies thepaying banking organization server 30 of the fact that the remittancewas appropriately executed.

Lastly, settlement process part 355 transmits settlement resultinformation indicating the result of the settlement to the relevantcommunication terminal device 10 (Step Sa324) and terminates the presentoperations.

It should be noted that management control part 351 transmits thesettlement result information after receiving the notification from thebeneficiary banking organization server 30. After transmitting thesettlement result information, management control part 351 may retainthe logged-in status after completion of the settlement process withoutterminating the present operations and may stand by for a further inputoperation from the relevant communication terminal device 10.

On the other hand, at the communication terminal device 10, applicationexecution unit 170 receives the settlement result information vianetwork communication part 110 (Step Sa121). Then, in coordination withDisplay control unit 130, application execution unit 170 displays thereceived settlement result information on display 140 (Step Sa122) andterminates the present operations.

It should be noted that, similarly to banking organization server 30,application execution unit 170 may retain the logged-in state afterdisplaying the settlement result information without terminating thepresent operations and may make a transition to the process in StepSa104.

As described above, network system 1 of the present embodiment iscapable of preventing: the leakage of security-related information (forexample, a password) caused by a user's carelessness, for example, byentering, all at once, at a phishing site, all of the informationdescribed in random graphic table RMT, or the like, which is issued to auser in advance; and the transfer of information to a third party whoperforms an illegal login.

In addition, network system 1 of the present embodiment is capable ofeffectively preventing illegal logins and man-in-the middle attacks madeby a third party to the services delivered to the users.

Accordingly, network system 1 of the present embodiment is capable ofpreventing the leakage of security-related information, illegal use andman-in-the middle attacks and of improving the security at the time ofdelivering various services such as the Internet banking service.

Variations

[6.1] Variation Example 1

The above-described embodiment is configured such that part of thepaying-in account number is entered based on the data for entry;however, it is also possible that part of the banking organization name,the paying-in amount, etc. is entered based on the data for entry.

Even when this method is adopted, it is possible to improve the securityin the Internet banking service by preventing various attacks by a thirdparty and to prevent illegal use, or the like.

[6.2] Variation Example 2

The above-described embodiment adopts a configuration in which thesecurity is improved by performing entry through the data for entry andrandom graphic table RMT, after performing the first level userauthentication using a password (first passcode).

However, as is the case in, for example, online stores using a network,in the case of a service where a settlement is executed only with theuser's account name and password, part of the account name, part of thepassword, or both, may be entered using the random graphic table dataand random graphic table RMT.

In such case, communication terminal device 10 may transmit, forexample, only the account name, and banking organization server 30 mayspecify the user ID and the random graphic table data in accordance withthe transmitted account name, may generate data for entry for enteringthe password, and may distribute the generated data for entry tocommunication terminal device 10.

[6.3] Variation Example 3

The above-described embodiment adopts a configuration in which part ofthe information to be entered by the user is entered based on the randomgraphic table data and random graphic table RMT; however, all of theinformation to be entered by the user may be entered based on the randomgraphic table data and random graphic table RMT.

[6.4] Variation Example 4

The above-described embodiment adopts a configuration in which the datafor entry, including all figures corresponding to the last two digits ofthe account number, is distributed from the banking organization server30 to communication terminal device 10 and the user is requested toselect figures for the two characters all at once; however, the user maybe requested to enter one figure at a time.

In this case, banking organization server 30 may distribute the data forentry for one character to communication terminal device 10, andcommunication terminal device 10 may just have to sequentially specifythe characters by executing the procedure of transmitting the markerinformation, selected based on such data for entry, to bankingorganization server 30 in a repeated manner.

[6.5] Variation Example 5

In the above-described embodiment, there may be cases in which a creditcard is registered in the services, such as the online stores, etc. Theleakage of the credit card number and security code thereof is preventedin an effective manner by making use of the data for entry and randomgraphic table RMT, as with the present embodiment, at the time ofregistering the credit card, and thus, the safe use of credit cards isalso achieved.

[6.6] Variation Example 6

The above-described embodiment adopts a configuration in which therespective DBs 331 to 334 are provided and managed in bankingorganization server 30; however, it is possible to adopt a configurationin which each of DBs 331 to 334 is managed by a separate computer.

[6.7] Variation Example 7

In the above-described embodiment, banking organization server 30 may beconfigured as a server system that is configured by a plurality ofcomputers.

[6.8] Variation Example 8

In the above-described embodiment, a description is given as to anexample in which banking organization server 30 is provided at eachbanking organization and a cash flow is made among banking organizationservers 30 of different banking organizations; however, in the case whena cash flow is to be made within one and the same banking organization,one banking organization server 30 is sufficient for managing such cashflow.

[6.9] Variation Example 9

In the above-described embodiment, banking organization server 30executes the settlement process, including remittance, using randomgraphic table RMT with the above-described numerical characters “0” to“9”; however, the present variation example may be configured such that,for example, beneficiary information (the banking organization, accountnumber at the paying-in branch office, the account holder) related tothe beneficiary, which is registered in advance by the user, isallocated to the numerical characters or other entry target characters,and then, such transmission destination information may be acquired.

In this case, when the user selects the entry target characters by wayof the figures, banking organization server 30 uniquely specifies thebeneficiary information corresponding to the entry target charactersselected by the user and executes the settlement process based on thespecified beneficiary information.

It should be noted that random graphic table RMT of the presentembodiment may be able to specify numerical characters, or further,fixed sentences, or the like, from the figures selected by the user, byrequiring the user to create predetermined fixed sentences or fixedformats in advance and by associating such fixed sentences, etc. witheach of the numerical characters.

1 network system

10 communication terminal device

110 network communication unit

120 recording unit

121 application recording part

122 buffer

130 display control unit

140 display

150 operation unit

160 terminal management control unit

170 application execution unit

30 banking organization server

310 communication control unit

320 ROM/RAM

330 recorder

331 user management DB

332 random graphic table management DB

333 banking organization management DB

334 account management DB

340 server management control unit

350 data process unit

351 management control part

352 figure extraction part

353 data for entry generation and distribution part

354 specification process part

355 settlement process part

1. A server system for executing a given process using individual databeing predetermined for each user that has a communication terminaldevice and having entry target characters entered by the user andfigures pre-allocated to the respective entry target characters that areassociated with each other, comprising: an acquiring processer thatacquires, from the communication terminal device, marker informationthat corresponds to a figure entered by an input user based on data forentry, the data for entry including: the figures of the individual datathat is corresponding to the input user; and the marker information thatis used when the figures are displayed at the communication terminaldevice of the input user; a determining processer that determines thefigure entered by the input user based on the data for entry of theinput user and the acquired marker information; and a specific processerthat specifies the entry target character to be specified based on thedetermined figures and the individual data of the input user, and thatexecutes the given process based on the specified entry targetcharacter.
 2. The server system according to claim 1, further comprisinga distributer that distributes the data for entry to the relevantcommunication terminal device, and wherein the determining processerdetermines the figure entered by the input user based on the distributeddata for entry and the acquired marker information.
 3. The server systemaccording to claim 2, wherein the distributer generates the data forentry of the input user based on the individual data of the input user,and distributes the generated data for entry to the communicationterminal device.
 4. The server system according to claim 1, wherein theindividual data has each of the entry target characters that correspondsto a plurality of the figures, respectively, and the data for entry doesnot include the plurality of the figures corresponding to the same entrytarget character.
 5. The server system according to claim 1, wherein theindividual data has the entry target characters that is different fromeach other and each of the entry target characters corresponds to aplurality of the figures, respectively, and the data for entry has eachof the figures corresponding to the single entry target character thatis different from each other, respectively.
 6. A communication system,comprising: a server system according to any one of claim 1; and aplurality of communication terminal devices that communicates with andis connected to the server system via a network.
 7. A executing methodfor executing a given process using individual data being predeterminedfor each user that has a communication terminal device and having entrytarget characters entered by the user and figures pre-allocated to therespective entry target characters that are associated with each other,comprising: acquiring, from the communication terminal device, markerinformation that corresponds to a figure entered by an input user basedon data for entry, the data for entry including: the figures of theindividual data that is corresponding to the input user; and the markerinformation that is used when the figures are displayed at thecommunication terminal device of the input user; determining the figureentered by the input user based on the data for entry of the input userand the acquired marker information; and specifying the entry targetcharacter to be specified based on the determined figures and theindividual data of the input user, and that executes a given processbased on the specified entry target character.
 8. A communicationterminal device that is connected to a server system that executesvarious processes, via a network and that deliver various services to auser while they transmit/receive data to/from the server system, thecommunication terminal device comprising: an acquiring processer thatacquires data for entry predetermined for each user from the serversystem, the data for entry having figures and marker information, eachof the figures pre-allocated to relevant entry target characters,respectively, the entry target characters being entered by a user, themarker information being used when the figure is displayed on a display;an receiver that receives an input operation of the user in accordancewith an image displayed based on the acquired data for entry; aspecifying processer that specifies the figure designated by the user inresponse to the input operation; and a transmitter that transmits markerinformation corresponding to the specified figure to the server system.9. A communication method for a terminal and a server system thatexecutes various processes, via a network and that deliver variousservices to a user while they transmit/receive data to/from the serversystem, the communication method comprising: acquiring data for entrypredetermined for each user from the server system, the data for entryhaving figures and marker information, each of the figures pre-allocatedto relevant entry target characters, respectively, the entry targetcharacters being entered by a user, the marker information being usedwhen the figure is displayed on a display; receiving an input operationof the user in accordance with an image displayed based on the acquireddata for entry; specifying the figure designated by the user in responseto the input operation; and transmitting marker informationcorresponding to the specified figure to the server system.
 10. Arecording medium having figures that are visible and that are forspecifying, at a server system that delivers various services, entrytarget characters entered by a user when the user accesses the serversystem by making use of a communication terminal device, the recordingmedium comprising: a table that has a plurality of rows and a pluralityof columns, a plurality of different entry target characters and aplurality of figures that differ for each entry target character beingarranged in a row or column, and each figure having a shape that isunconverted by a character code used at the time of user operationalinput based on an input device to be used by the user for enteringpredetermined information.